Saturday 28 February 2009

RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Dear employees,

Due to the current financial situation caused by the slowdown of the economy, Management has decided to implement a scheme to put workers of 40 years of age and above on early retirement. This scheme will be known as RAPE (Retire Aged People Early).

Persons selected to be RAPED can apply to management to be eligible for the SHAFT scheme (Special Help After Forced Termination). Persons who have been RAPED and SHAFTED will be reviewed under the SCREW programme (Scheme Covering Retired Early Workers). A person may be RAPED once, SHAFTED twice and SCREWED as many times as Management deems appropriate.

Persons who have been RAPED can only get AIDS (Additional Income for Dependants & Spouse) or HERPES (Half Earnings for Retired Personnel Early Severance).

Obviously persons who have AIDS or HERPES will not be SHAFTED or SCREWED any further by Management.

Persons who are not RAPED and are staying on will receive as much SHIT (Special High Intensity Training) as possible. Management has always prided itself on the amount of SHIT it gives employees. Should you feel that you do not receive enough SHIT, please bring this to the attention of your Supervisor. They have been trained to give you all the SHIT you can handle.

Sincerely, The Management

Wednesday 25 February 2009

Process hacking

When people I know start talking about 'hacking' in the original meaning of the word [making things happen by means that it was not designed for], we most of the time stick to some technical mumbo jumbo, as the boss likes to call it.

That is something our whole industry likes to do. Did and does. No matter how many times we get bitten in the arse by people doing things wrong, we like to forget about the art of social engineering, simply because it is too difficult to do something about and because it does not sell boxes that smell nice because they are new.

I have spent quite some time working for|in|with large organizations and these are the places where social engineering works best. Employees do not know each other, low-ranking employees have been given a bollocking by their 'superiors' for sticking to the rules, etc.

The bigger the organization, the larger the piles of documentation with rules and exceptions. Fertile ground for those who want to get things done, their way :P

Getting access to buildings is easy, especially with the no smoking inside. Every company has a percentage of people who are addicted and these people -will- find ways to get out & in without too much hassle. Be it the emergency exit, be it a rooftop, but like water: they will find a way.

A novel trick I found lately, used by some of the smokers who used to leave via the front door but were called into the manager's office after he'd seen the in-out timetable, is getting a visitor's pass for walking in & out unregistered. Smart. Of course I had to try to see how difficult it was to get one of those: frighteningly simple. Since so many had explained the situation to the security people, showing a packet of cigarettes was enough to trigger the knee-jerk reaction of handing out a temporary access badge.

The same happens with the ordering process. Since all has been 'centralized' and 'standardized' it might take up to 6 months to get an order through [correct, this is a very bad and rare example]. Because the supplier knows and has been trained to deliver orders before the paperwork is 'completed', it is trivially simple to get any kind of hard & software shipped without passing the regular process. Most of the time the supplier will get his formalized order some time later, but when he doesn't he just faxes the delivery notification to the ordering department and, since they are used to things going wrong, they will send him a pro forma so he will be able to bill.

More of the same is with changes to infrastructure. All self-respecting organizations have CABs [Change Advisory Boards], where as we all know the most anal & inexperienced people waste their time, that take forever to approve the most basic changes but will happily wave through changes with impact beyond the minimal description. This is how 'the insiders' get things done: their old and trusted social network.

In the role of PM or as auditor I do the same. I spend a large part of my time sitting on desks, hanging around the coffee machine, lunching with [key-] people from the departments that actually do things. By constant name dropping and referring to 'john from RM', by reinforcing the well known fact that the official processes 'do not work' and 'the last reorganization undid the one before', confirming that 'the management' costs & wastes money, this way I get my rules, my connections, my targets met and implemented.

So if you get all excited when you find company xyz is still running that well-known bugged version of the Internet facing software, remember that I get the same happy feelings when I see people with ties and temporary badges :P

EDIT: Found people who actually give classes http://secinmotion.blogspot.com looks good.

Tuesday 17 February 2009

Oh that thing from yesterday? It was just a tiny little bug…

You gotta love the importance of the infra and the huge dependency on everybody playing nice, or better, knowing what they are doing.

Yesterday a tiny little outlet called SUPRO, spol. s r. in the middle of nowhere called Hradiste CZ, who manage AS 47868, blacked out part of the oh so crucial Internet. This was done [for all we know] without any bad intentions but Fast Fingered Freddy did manage to cause a stir in the smooth user experience our beloved browsers are so used to.


As shown here there were a couple of countries suffering from their outdated routers, but users of all countries might have traffic passing these.

A Basterd's Work is Never Done


Ah, nice! Time to get some laughs and warm feelings about 'bad' things.

The movie lifting [insider story of a friend of mine who worked over at a video rental and who told me he hired movies that he never brought back] Quentin Tarantino makes a new movie.

Chopping up Nazis is a cool thing, in whatever way, shape or form so I am looking forward to the torrents in May :P